package com.dgut.service.background.config.webConfig;

import com.dgut.service.background.service.AdminDetailService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    AdminDetailService adminDetailService;

    @Autowired
    AdminSuccessHandler adminSuccessHandler;

    @Autowired
    AdminFailureHandler adminFailureHandler;

    @Autowired
    AdminLogoutSuccessHandler adminLogoutSuccessHandler;

    //权限拒绝处理逻辑
    @Autowired
    CustomizeAccessDeniedHandler accessDeniedHandler;

    //匿名用户访问无权限资源时的异常
    @Autowired
    CustomizeAuthenticationEntryPoint authenticationEntryPoint;

    //会话失效(账号被挤下线)处理逻辑
    @Autowired
    CustomizeSessionInformationExpiredStrategy sessionInformationExpiredStrategy;

    @Override
    protected UserDetailsService userDetailsService() {
        return this.adminDetailService;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors() //允许跨域
                .and().csrf().disable() //禁用csrf
                .authorizeRequests()
                .antMatchers("/captcha/verify").permitAll() //腾讯防水墙放行
                //设置其他接口admin权限
                .antMatchers("/check/**","/enter/**","/exception/**","/export/**","/health/**",
                        "/inspector/**","/outs/**","/pass/**","/user/**").hasAuthority("ADMIN")
                .and()
                //登录
                .formLogin().loginProcessingUrl("/admin/login").permitAll()
                .successHandler(adminSuccessHandler) //登录成功处理
                .failureHandler(adminFailureHandler)  //登录失败处理
                .and()
                //登出
                .logout().logoutUrl("/admin/logout").permitAll()
                .logoutSuccessHandler(adminLogoutSuccessHandler)
                .and().exceptionHandling().
                accessDeniedHandler(accessDeniedHandler).//权限拒绝处理逻辑
                authenticationEntryPoint(authenticationEntryPoint)//匿名用户访问无权限资源时的异常处理
                .and().sessionManagement()
                .maximumSessions(1)//允许账号最多在一处登陆
                .expiredSessionStrategy(sessionInformationExpiredStrategy);//账号被挤下线处理逻辑
    }

    //加密方式
    @Bean
    public PasswordEncoder passwordEncoder(){
        //return new BCryptPasswordEncoder();
        return NoOpPasswordEncoder.getInstance();
    }
}
